Suppose you are a customer using a credit card to order an item from a website. An obvious threat is that an adversary would eavesdrop on your network communication, reading your messages to obtain your credit card information. It is possible and practical, however, to encrypt messages so as to prevent an adversary from understanding the message contents. A protocol that does so is said to provide confidentiality. Taking the concept a step farther, concealing the quantity or destination of communication is called traffic confidentiality
Even with confidentiality there still remain threats for the website customer. An adversary who can’t read the contents of your encrypted message might still be able to change a few bits in it, resulting in a valid order for, say, a completely different item or perhaps 1000 units of the item. There are techniques to detect, if not prevent, such tampering. A protocol that detects such message tampering provides data integrity. The adversary could alternatively transmit an extra copy of your message in a replay attack.
To the website, it would appear as though you had simply ordered another of the same item you ordered the first time. A protocol that detects replays provides originality. Originality would not, however, preclude the adversary intercepting your order, waiting a while, then transmitting it—in effect, delaying your order. The adversary could thereby arrange for the item to arrive on your doorstep while you are away on vacation, when it can be easily snatched. A protocol that detects such delaying tactics is said to provide timeliness.
Data integrity, originality, and timeliness are considered aspects of the more general property of integrity.
- Secret key (e.g., DES)
- Public key (e.g., RSA)
- Message digest (e.g., MD5)
- Security services
- Privacy: preventing unauthorized release of information
- Authentication: verifying identity of the remote participant
- Integrity: making sure message has not
We introduce the concepts of cryptography-based security step by step. The first step is the cryptographic algorithms—ciphers and cryptographic hashes. Cryptographic algorithms are parameterized by keys
Principles of Ciphers – Encryption transforms a message in such a way that it becomes unintelligible to any party that does not have the secret of how to reverse the transformation. The sender applies an encryption function to the original plaintext message, resulting in a ciphertext message that is sent over the network. The receiver applies a secret decryption function–the inverse of the encryption function–to recover the original plaintext.